With the development of information and communication technology and the centralization of information online, the importance of information protection and security is increasing. Information protection is a technology for safely protecting the computers and information of organizations or individuals from various illegal activities, including forgery, leakage, trespass, and denial of service, directed at information transmitted via an information system using a computer or a network such as the wired or wireless Internet; for preventing security breaches in a physical space; and for providing security in systems converged with other industries. Information protection is classified into common-based security, network security, device security, service security, and convergence security technologies.
Traditionally, security has developed separately as physical security and information security. Recently, however, as the physical security industry, such as access control, parking management, and CCTV video surveillance, has been combined with IT information security technology for protecting computers and information on the network, the boundary between physical security and information security has collapsed, and a convergence security area combining the two has emerged. In addition, as IT is applied to existing industries such as automotive, shipbuilding, medical, and power generation, handling the security problems that arise in the convergence between IT and industry is included in the new convergence security.
Encryption and authentication refer to a technology for encrypting data stored in a computer system and data in the communication section to secure confidentiality, and for authenticating a user who accesses the system. As a common-based security technology, its coverage may include web security, DB security, XML security, network security, smartphone security, and the like; encryption of transmission and reception between a web server and a browser; and public key infrastructure (PKI) for encryption, authentication, electronic signatures, etc.
In connection with user authentication technology, a process is needed for verifying whether a user receiving a service is a legitimate user, because online services are non-face-to-face. If the user cannot be properly authenticated, personal information and the like may be exposed depending on the type of service, and thus safety and reliability must be secured through user authentication. The elements used to determine whether a user receiving the service is legitimate are referred to as authentication elements.
There is disclosed a technology for generating a secure key from authentication elements unique to a specific device and a specific user in a security system for confirming the user in a service providing process.
FIG. 1 is a block diagram illustrating a configuration of a secure key generating device in the related art.
A secure key generating device 10 of the related art is connected to a storage 20 and generates a secure key by using a media ID, which is a unique identifier of the storage 20, and authentication information for authenticating a user 1.
The secure key generating device 10 is connected to the storage 20 and receives a primitive ID from the storage 20. The primitive ID is at least one piece of identification data used to calculate the media ID, which is the unique identifier of the storage 20, and is data different from the media ID. The secure key generating device 10 generates the media ID from the primitive ID. In other words, rather than receiving the media ID directly from the storage 20, the secure key generating device 10 receives the primitive ID as source data from which the media ID can be generated. This is intended to prevent the media ID from being exposed, and the secure key generating device 10 may store the data used to generate the media ID from the primitive ID.
The secure key generating device 10 may include an ID calculating unit 12, an authentication information providing unit 14, and a secure key generating unit 16. The ID calculating unit 12 calculates a media ID as a unique identifier of the storage 20 from the primitive ID by receiving the primitive ID stored in the storage 20.
However, in order to generate the secure key in the same manner, authentication information that is based on unique information of the user needs to be used. Since a common secure key generation algorithm is used to generate the secure key, there is a risk that the secure key may be exposed if the authentication information is exposed.
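A minimal model of the related-art flow described above, added here as an illustration and not taken from the original text: HMAC-SHA256 and PBKDF2 are assumed stand-ins for the unspecified ID calculation and the common key generation algorithm, and the primitive IDs, device constant, and user inputs are constructed values. It shows that the key is bound to one storage and one user, and that its secrecy rests on the inputs because the algorithm itself is shared.

```python
import hashlib
import hmac

# Assumption: data the device stores for turning a primitive ID into the media ID.
DEVICE_DERIVATION_DATA = b"constructed-device-constant"
PBKDF2_ROUNDS = 100_000  # assumed work factor for the common algorithm


def calculate_media_id(primitive_ids):
    """ID calculating unit 12: media ID computed from the storage's primitive ID(s)."""
    mac = hmac.new(DEVICE_DERIVATION_DATA, digestmod=hashlib.sha256)
    for pid in primitive_ids:
        # Length prefix keeps (b"ab", b"c") distinct from (b"a", b"bc").
        mac.update(len(pid).to_bytes(4, "big") + pid)
    return mac.digest()


def provide_auth_info(user_secret):
    """Authentication information providing unit 14: normalise the user's input."""
    return user_secret.strip().encode("utf-8")


def generate_secure_key(primitive_ids, user_secret):
    """Secure key generating unit 16: key bound to one storage and one user."""
    media_id = calculate_media_id(primitive_ids)
    auth_info = provide_auth_info(user_secret)
    # The algorithm is common to every device, so the key is only as secret as
    # its inputs: this is the exposure risk noted for the authentication information.
    return hashlib.pbkdf2_hmac("sha256", auth_info, media_id, PBKDF2_ROUNDS, dklen=32)


def demo():
    storage_a = [b"CTRL-0001", b"NAND-7f3a"]  # constructed primitive IDs
    storage_b = [b"CTRL-0002", b"NAND-91c4"]  # constructed primitive IDs
    key = generate_secure_key(storage_a, "constructed-passphrase")
    return {
        # Same storage and same user input always reproduce the key.
        "reproducible": key == generate_secure_key(storage_a, "constructed-passphrase"),
        # Another storage yields another media ID, hence another key.
        "bound_to_storage": key != generate_secure_key(storage_b, "constructed-passphrase"),
        # A different user input changes the key.
        "bound_to_user": key != generate_secure_key(storage_a, "other-input"),
        "key_len": len(key),
    }


if __name__ == "__main__":
    print(demo())
```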